Add action to export code scanning alert to a SARIF file

.github/workflows/check-dist.yml

@@ -0,0 +1,75 @@
+# In TypeScript actions, `dist/` is a special directory. When you reference
+# an action with the `uses:` property, `dist/index.js` is the code that will be
+# run. For this project, the `dist/index.js` file is transpiled from other
+# source files. This workflow ensures the `dist/` directory contains the
+# expected transpiled code.
+#
+# If this workflow is run from a feature branch, it will act as an additional CI
+# check and fail if the checked-in `dist/` directory does not match what is
+# expected from the build.
+name: Check Transpiled JavaScript
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  check-dist:
+    name: Check dist/
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        working-directory:
+          - code-scanning-export
+
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        id: setup-node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ${{ matrix.working-directory }}/.node-version
+          cache: npm
+          cache-dependency-path: ${{ matrix.working-directory }}/package-lock.json
+
+      - name: Install Dependencies
+        id: install
+        working-directory: ${{ matrix.working-directory }}
+        run: npm ci
+
+      - name: Build dist/ Directory
+        id: build
+        working-directory: ${{ matrix.working-directory }}
+        run: npm run bundle
+
+      # This will fail the workflow if the PR wasn't created by Dependabot.
+      - name: Compare Directories
+        id: diff
+        working-directory: ${{ matrix.working-directory }}
+        run: |
+          if [ "$(git diff --ignore-space-at-eol --text dist/ | wc -l)" -gt "0" ]; then
+            echo "Detected uncommitted changes after build. See status below:"
+            git diff --ignore-space-at-eol --text dist/
+            exit 1
+          fi
+
+      # If `dist/` was different than expected, and this was not a Dependabot
+      # PR, upload the expected version as a workflow artifact.
+      - if: ${{ failure() && steps.diff.outcome == 'failure' }}
+        name: Upload Artifact
+        id: upload
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.working-directory }}
+          path: ${{ matrix.working-directory }}/dist/

.github/workflows/ci.yml

@@ -0,0 +1,55 @@
+name: Continuous Integration
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  test-typescript:
+    name: TypeScript Tests
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        working-directory:
+          - code-scanning-export
+
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        id: setup-node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ${{ matrix.working-directory }}/.node-version
+          cache: npm
+          cache-dependency-path: ${{ matrix.working-directory }}/package-lock.json
+
+      - name: Install Dependencies
+        id: npm-ci
+        working-directory: ${{ matrix.working-directory }}
+        run: npm ci
+
+      - name: Check Format
+        id: npm-format-check
+        working-directory: ${{ matrix.working-directory }}
+        run: npm run format:check
+
+      - name: Lint
+        id: npm-lint
+        working-directory: ${{ matrix.working-directory }}
+        run: npm run lint
+
+      - name: Test
+        id: npm-ci-test
+        working-directory: ${{ matrix.working-directory }}
+        run: npm run ci-test

.pre-commit-config.yaml

@@ -7,6 +7,7 @@ repos:
   - id: check-case-conflict
   - id: check-yaml
   - id: trailing-whitespace
+    exclude: dist/index.js
 
 # We use the Python version instead of the original version which seems to require Docker
 # https://github.com/koalaman/shellcheck-precommit

code-scanning-export/.eslintignore

@@ -0,0 +1,5 @@
+__tests__/
+lib/
+dist/
+node_modules/
+coverage/

code-scanning-export/.eslintrc.yml

@@ -0,0 +1,82 @@
+env:
+  node: true
+  es6: true
+  jest: true
+
+globals:
+  Atomics: readonly
+  SharedArrayBuffer: readonly
+
+ignorePatterns:
+  - '!.*'
+  - '**/node_modules/.*'
+  - '**/dist/.*'
+  - '**/coverage/.*'
+  - '*.json'
+
+parser: '@typescript-eslint/parser'
+
+parserOptions:
+  ecmaVersion: 2023
+  sourceType: module
+  project:
+    - './tsconfig.json'
+
+plugins:
+  - jest
+  - '@typescript-eslint'
+
+extends:
+  - eslint:recommended
+  - plugin:@typescript-eslint/eslint-recommended
+  - plugin:@typescript-eslint/recommended
+  - plugin:github/recommended
+  - plugin:jest/recommended
+
+rules:
+  {
+    'camelcase': 'off',
+    'eslint-comments/no-use': 'off',
+    'eslint-comments/no-unused-disable': 'off',
+    'i18n-text/no-en': 'off',
+    'import/no-namespace': 'off',
+    'no-console': 'off',
+    'no-unused-vars': 'off',
+    'prettier/prettier': 'error',
+    'semi': 'off',
+    '@typescript-eslint/array-type': 'error',
+    '@typescript-eslint/await-thenable': 'error',
+    '@typescript-eslint/ban-ts-comment': 'error',
+    '@typescript-eslint/consistent-type-assertions': 'error',
+    '@typescript-eslint/explicit-member-accessibility':
+      ['error', { 'accessibility': 'no-public' }],
+    '@typescript-eslint/explicit-function-return-type':
+      ['error', { 'allowExpressions': true }],
+    '@typescript-eslint/func-call-spacing': ['error', 'never'],
+    '@typescript-eslint/no-array-constructor': 'error',
+    '@typescript-eslint/no-empty-interface': 'error',
+    '@typescript-eslint/no-explicit-any': 'error',
+    '@typescript-eslint/no-extraneous-class': 'error',
+    '@typescript-eslint/no-for-in-array': 'error',
+    '@typescript-eslint/no-inferrable-types': 'error',
+    '@typescript-eslint/no-misused-new': 'error',
+    '@typescript-eslint/no-namespace': 'error',
+    '@typescript-eslint/no-non-null-assertion': 'warn',
+    '@typescript-eslint/no-require-imports': 'error',
+    '@typescript-eslint/no-unnecessary-qualifier': 'error',
+    '@typescript-eslint/no-unnecessary-type-assertion': 'error',
+    '@typescript-eslint/no-unused-vars': 'error',
+    '@typescript-eslint/no-useless-constructor': 'error',
+    '@typescript-eslint/no-var-requires': 'error',
+    '@typescript-eslint/prefer-for-of': 'warn',
+    '@typescript-eslint/prefer-function-type': 'warn',
+    '@typescript-eslint/prefer-includes': 'error',
+    '@typescript-eslint/prefer-string-starts-ends-with': 'error',
+    '@typescript-eslint/promise-function-async': 'error',
+    '@typescript-eslint/require-array-sort-compare': 'error',
+    '@typescript-eslint/restrict-plus-operands': 'error',
+    '@typescript-eslint/semi': ['error', 'never'],
+    '@typescript-eslint/space-before-function-paren': 'off',
+    '@typescript-eslint/type-annotation-spacing': 'error',
+    '@typescript-eslint/unbound-method': 'error'
+  }

code-scanning-export/.node-version

@@ -0,0 +1 @@
+20.6.0

code-scanning-export/.prettierignore

@@ -0,0 +1,3 @@
+dist/
+node_modules/
+coverage/

code-scanning-export/.prettierrc.json

@@ -0,0 +1,16 @@
+{
+  "printWidth": 80,
+  "tabWidth": 2,
+  "useTabs": false,
+  "semi": false,
+  "singleQuote": true,
+  "quoteProps": "as-needed",
+  "jsxSingleQuote": false,
+  "trailingComma": "none",
+  "bracketSpacing": true,
+  "bracketSameLine": true,
+  "arrowParens": "avoid",
+  "proseWrap": "always",
+  "htmlWhitespaceSensitivity": "css",
+  "endOfLine": "lf"
+}